Jump to content
Tuts 4 You

How Convert Offset To VA

Bl@ck Virus

By Bl@ck Virus
in x64dbg

Recommended Posts

Bl@ck Virus

Bl@ck Virus

Posted
Posted

hello all

how can I convert Some DLL Offset address to VA ?

Quote

i want to convert this address to VA 

i attach DLL file too

4ouwhmy5yi7w4qw8xjwi.jpg

can i do it directly by x64dbg ? 

tnx in advance 

am.dll

crystalboy

crystalboy

Posted
Posted

To convert file offset to VA you should take a look at PE section table and find what of the section contain the raw offset that you need.

When you find the section there is a formula to calculate it:

your_offset - raw_offset_of_section_that_contain_your_offset + virtual_address_of_section_that_contain_your_offset + IMAGE_BASE = VA

Hope it helps

regards

Bl@ck Virus

Bl@ck Virus

Posted
  • Author
Posted
2 minutes ago, crystalboy said:

To convert file offset to VA you should take a look at PE section table and find what of the section contain the raw offset that you need.

When you find the section there is a formula to calculate it:

your_offset - raw_offset_of_section_that_contain_your_offset + virtual_address_of_section_that_contain_your_offset + IMAGE_BASE = VA

Hope it helps

regards

tnx for you answer 

but is it any application to do it automatically ?

 

crystalboy

crystalboy

Posted
Posted

Yes there is:

PETools (Tools -> PE Editor (select your dll) -> FLC -> Select File offset -> insert your value and press Calculate)

CFF Explorer (Drag and drop your DLL on it and press on Address Converter)

Hope it helps

Regards

 

  • Like 4
Bl@ck Virus

Bl@ck Virus

Posted
  • Author
Posted
Just now, crystalboy said:

Yes there is:

PETools (Tools -> PE Editor (select your dll) -> FLC -> Select File offset -> insert your value and press Calculate)

CFF Explorer (Drag and drop your DLL on it and press on Address Converter)

Hope it helps

Regards

 

thanks again mate :)

mrexodia

mrexodia

Posted
Posted

x64dbg supports it directly. Use: 

kernel32.dll:#1234

To go to kernel32.dll at offset 0x1234. You can also go to a relative address like this: 

x64dbg.exe:$1234

Greetings

  • Like 2
Bl@ck Virus

Bl@ck Virus

Posted
  • Author
Posted
On 3/16/2016 at 11:43 PM, Mr. eXoDia said:

x64dbg supports it directly. Use: 


kernel32.dll:#1234

To go to kernel32.dll at offset 0x1234. You can also go to a relative address like this: 


x64dbg.exe:$1234

Greetings

thanks for your answer Sir

but i`m newbie with x64dbg and i don`t know how I can use this " kernel32.dll:#1234 " 

do you have any video that can help me more ?

tnx agian

mrexodia

mrexodia

Posted
Posted

Use Ctrl + G (goto) and type it there

  • Like 1
Bl@ck Virus

Bl@ck Virus

Posted
  • Author
Posted
2 hours ago, Mr. eXoDia said:

Use Ctrl + G (goto) and type it there

tnx very very much

I love your Debugger....!

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...